2021-06-07 16:27:02 +00:00
|
|
|
// Copyright 2020-2021 Signal Messenger, LLC
|
2020-10-30 20:34:04 +00:00
|
|
|
// SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2020-09-24 21:53:21 +00:00
|
|
|
/* eslint-disable @typescript-eslint/no-explicit-any */
|
|
|
|
/* eslint-disable @typescript-eslint/ban-types */
|
|
|
|
/* eslint-disable more/no-then */
|
|
|
|
/* eslint-disable class-methods-use-this */
|
|
|
|
/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
|
|
|
|
import PQueue from 'p-queue';
|
2020-04-13 17:37:29 +00:00
|
|
|
|
|
|
|
import EventTarget from './EventTarget';
|
|
|
|
import { WebAPIType } from './WebAPI';
|
2021-04-16 23:13:13 +00:00
|
|
|
import { KeyPairType, CompatSignedPreKeyType } from './Types.d';
|
2020-04-13 17:37:29 +00:00
|
|
|
import utils from './Helpers';
|
|
|
|
import ProvisioningCipher from './ProvisioningCipher';
|
2021-07-28 21:37:09 +00:00
|
|
|
import { IncomingWebSocketRequest } from './WebsocketResources';
|
|
|
|
import createTaskWithTimeout from './TaskWithTimeout';
|
2021-07-02 19:21:24 +00:00
|
|
|
import * as Bytes from '../Bytes';
|
2021-04-16 23:13:13 +00:00
|
|
|
import {
|
|
|
|
deriveAccessKey,
|
|
|
|
generateRegistrationId,
|
|
|
|
getRandomBytes,
|
2021-07-02 19:21:24 +00:00
|
|
|
typedArrayToArrayBuffer,
|
2021-04-16 23:13:13 +00:00
|
|
|
} from '../Crypto';
|
|
|
|
import {
|
|
|
|
generateKeyPair,
|
|
|
|
generateSignedPreKey,
|
|
|
|
generatePreKey,
|
|
|
|
} from '../Curve';
|
2021-03-22 21:08:52 +00:00
|
|
|
import { isMoreRecentThan, isOlderThan } from '../util/timestamp';
|
2021-05-05 16:39:16 +00:00
|
|
|
import { ourProfileKeyService } from '../services/ourProfileKey';
|
2021-07-02 19:21:24 +00:00
|
|
|
import { assert } from '../util/assert';
|
2021-06-07 16:27:02 +00:00
|
|
|
import { getProvisioningUrl } from '../util/getProvisioningUrl';
|
2021-07-02 19:21:24 +00:00
|
|
|
import { SignalService as Proto } from '../protobuf';
|
2020-04-13 17:37:29 +00:00
|
|
|
|
2020-12-17 23:29:20 +00:00
|
|
|
const ARCHIVE_AGE = 30 * 24 * 60 * 60 * 1000;
|
2021-03-22 21:08:52 +00:00
|
|
|
const PREKEY_ROTATION_AGE = 24 * 60 * 60 * 1000;
|
2021-04-16 23:13:13 +00:00
|
|
|
const PROFILE_KEY_LENGTH = 32;
|
|
|
|
const SIGNED_KEY_GEN_BATCH_SIZE = 100;
|
2020-04-13 17:37:29 +00:00
|
|
|
|
2021-07-02 19:21:24 +00:00
|
|
|
// TODO: remove once we move away from ArrayBuffers
|
|
|
|
const FIXMEU8 = Uint8Array;
|
|
|
|
|
2021-06-15 00:09:37 +00:00
|
|
|
function getIdentifier(id: string | undefined) {
|
2020-04-13 17:37:29 +00:00
|
|
|
if (!id || !id.length) {
|
|
|
|
return id;
|
|
|
|
}
|
|
|
|
|
|
|
|
const parts = id.split('.');
|
|
|
|
if (!parts.length) {
|
|
|
|
return id;
|
|
|
|
}
|
|
|
|
|
|
|
|
return parts[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
type GeneratedKeysType = {
|
|
|
|
preKeys: Array<{
|
|
|
|
keyId: number;
|
|
|
|
publicKey: ArrayBuffer;
|
|
|
|
}>;
|
|
|
|
signedPreKey: {
|
|
|
|
keyId: number;
|
|
|
|
publicKey: ArrayBuffer;
|
|
|
|
signature: ArrayBuffer;
|
|
|
|
keyPair: KeyPairType;
|
|
|
|
};
|
|
|
|
identityKey: ArrayBuffer;
|
|
|
|
};
|
|
|
|
|
|
|
|
export default class AccountManager extends EventTarget {
|
|
|
|
pending: Promise<void>;
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
pendingQueue?: PQueue;
|
|
|
|
|
2021-07-23 17:23:50 +00:00
|
|
|
constructor(private readonly server: WebAPIType) {
|
2020-04-13 17:37:29 +00:00
|
|
|
super();
|
|
|
|
|
|
|
|
this.pending = Promise.resolve();
|
|
|
|
}
|
|
|
|
|
|
|
|
async requestVoiceVerification(number: string) {
|
|
|
|
return this.server.requestVerificationVoice(number);
|
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async requestSMSVerification(number: string) {
|
|
|
|
return this.server.requestVerificationSMS(number);
|
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async encryptDeviceName(name: string, providedIdentityKey?: KeyPairType) {
|
|
|
|
if (!name) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
const identityKey =
|
|
|
|
providedIdentityKey ||
|
|
|
|
(await window.textsecure.storage.protocol.getIdentityKeyPair());
|
|
|
|
if (!identityKey) {
|
|
|
|
throw new Error('Identity key was not provided and is not in database!');
|
|
|
|
}
|
|
|
|
const encrypted = await window.Signal.Crypto.encryptDeviceName(
|
|
|
|
name,
|
|
|
|
identityKey.pubKey
|
|
|
|
);
|
|
|
|
|
2021-07-02 19:21:24 +00:00
|
|
|
const proto = new Proto.DeviceName();
|
|
|
|
proto.ephemeralPublic = new FIXMEU8(encrypted.ephemeralPublic);
|
|
|
|
proto.syntheticIv = new FIXMEU8(encrypted.syntheticIv);
|
|
|
|
proto.ciphertext = new FIXMEU8(encrypted.ciphertext);
|
2020-04-13 17:37:29 +00:00
|
|
|
|
2021-07-02 19:21:24 +00:00
|
|
|
const bytes = Proto.DeviceName.encode(proto).finish();
|
|
|
|
return Bytes.toBase64(bytes);
|
2020-04-13 17:37:29 +00:00
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async decryptDeviceName(base64: string) {
|
|
|
|
const identityKey = await window.textsecure.storage.protocol.getIdentityKeyPair();
|
2021-04-16 23:13:13 +00:00
|
|
|
if (!identityKey) {
|
|
|
|
throw new Error('decryptDeviceName: No identity key pair!');
|
|
|
|
}
|
2020-04-13 17:37:29 +00:00
|
|
|
|
2021-07-02 19:21:24 +00:00
|
|
|
const bytes = Bytes.fromBase64(base64);
|
|
|
|
const proto = Proto.DeviceName.decode(bytes);
|
|
|
|
assert(
|
|
|
|
proto.ephemeralPublic && proto.syntheticIv && proto.ciphertext,
|
|
|
|
'Missing required fields in DeviceName'
|
|
|
|
);
|
2020-04-13 17:37:29 +00:00
|
|
|
const encrypted = {
|
2021-07-02 19:21:24 +00:00
|
|
|
ephemeralPublic: typedArrayToArrayBuffer(proto.ephemeralPublic),
|
|
|
|
syntheticIv: typedArrayToArrayBuffer(proto.syntheticIv),
|
|
|
|
ciphertext: typedArrayToArrayBuffer(proto.ciphertext),
|
2020-04-13 17:37:29 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
const name = await window.Signal.Crypto.decryptDeviceName(
|
|
|
|
encrypted,
|
|
|
|
identityKey.privKey
|
|
|
|
);
|
|
|
|
|
|
|
|
return name;
|
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async maybeUpdateDeviceName() {
|
|
|
|
const isNameEncrypted = window.textsecure.storage.user.getDeviceNameEncrypted();
|
|
|
|
if (isNameEncrypted) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
const deviceName = window.textsecure.storage.user.getDeviceName();
|
2021-06-15 00:09:37 +00:00
|
|
|
const base64 = await this.encryptDeviceName(deviceName || '');
|
2020-04-13 17:37:29 +00:00
|
|
|
|
|
|
|
if (base64) {
|
|
|
|
await this.server.updateDeviceName(base64);
|
|
|
|
}
|
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async deviceNameIsEncrypted() {
|
|
|
|
await window.textsecure.storage.user.setDeviceNameEncrypted();
|
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async registerSingleDevice(number: string, verificationCode: string) {
|
2021-04-16 23:13:13 +00:00
|
|
|
return this.queueTask(async () => {
|
|
|
|
const identityKeyPair = generateKeyPair();
|
|
|
|
const profileKey = getRandomBytes(PROFILE_KEY_LENGTH);
|
|
|
|
const accessKey = await deriveAccessKey(profileKey);
|
|
|
|
|
|
|
|
await this.createAccount(
|
|
|
|
number,
|
|
|
|
verificationCode,
|
|
|
|
identityKeyPair,
|
|
|
|
profileKey,
|
|
|
|
null,
|
|
|
|
null,
|
|
|
|
null,
|
|
|
|
{ accessKey }
|
|
|
|
);
|
2020-04-13 17:37:29 +00:00
|
|
|
|
2021-04-16 23:13:13 +00:00
|
|
|
await this.clearSessionsAndPreKeys();
|
|
|
|
const keys = await this.generateKeys(SIGNED_KEY_GEN_BATCH_SIZE);
|
|
|
|
await this.server.registerKeys(keys);
|
|
|
|
await this.confirmKeys(keys);
|
|
|
|
await this.registrationDone();
|
|
|
|
});
|
2020-04-13 17:37:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
async registerSecondDevice(
|
|
|
|
setProvisioningUrl: Function,
|
|
|
|
confirmNumber: (number?: string) => Promise<string>,
|
|
|
|
progressCallback: Function
|
|
|
|
) {
|
|
|
|
const createAccount = this.createAccount.bind(this);
|
|
|
|
const clearSessionsAndPreKeys = this.clearSessionsAndPreKeys.bind(this);
|
2021-04-16 23:13:13 +00:00
|
|
|
const generateKeys = this.generateKeys.bind(
|
|
|
|
this,
|
|
|
|
SIGNED_KEY_GEN_BATCH_SIZE,
|
|
|
|
progressCallback
|
|
|
|
);
|
2020-04-13 17:37:29 +00:00
|
|
|
const provisioningCipher = new ProvisioningCipher();
|
2021-06-09 22:28:54 +00:00
|
|
|
const pubKey = await provisioningCipher.getPublicKey();
|
|
|
|
|
2021-07-28 21:37:09 +00:00
|
|
|
let envelopeCallbacks:
|
|
|
|
| {
|
|
|
|
resolve(data: Proto.ProvisionEnvelope): void;
|
|
|
|
reject(error: Error): void;
|
|
|
|
}
|
|
|
|
| undefined;
|
|
|
|
const envelopePromise = new Promise<Proto.ProvisionEnvelope>(
|
|
|
|
(resolve, reject) => {
|
|
|
|
envelopeCallbacks = { resolve, reject };
|
|
|
|
}
|
|
|
|
);
|
2021-06-09 22:28:54 +00:00
|
|
|
|
2021-07-28 21:37:09 +00:00
|
|
|
const wsr = await this.server.getProvisioningResource({
|
|
|
|
handleRequest(request: IncomingWebSocketRequest) {
|
|
|
|
if (
|
|
|
|
request.path === '/v1/address' &&
|
|
|
|
request.verb === 'PUT' &&
|
|
|
|
request.body
|
|
|
|
) {
|
|
|
|
const proto = Proto.ProvisioningUuid.decode(request.body);
|
|
|
|
const { uuid } = proto;
|
|
|
|
if (!uuid) {
|
|
|
|
throw new Error('registerSecondDevice: expected a UUID');
|
|
|
|
}
|
|
|
|
const url = getProvisioningUrl(uuid, pubKey);
|
2021-06-09 22:28:54 +00:00
|
|
|
|
2021-07-28 21:37:09 +00:00
|
|
|
if (window.CI) {
|
|
|
|
window.CI.setProvisioningURL(url);
|
|
|
|
}
|
|
|
|
|
|
|
|
setProvisioningUrl(url);
|
|
|
|
request.respond(200, 'OK');
|
|
|
|
} else if (
|
|
|
|
request.path === '/v1/message' &&
|
|
|
|
request.verb === 'PUT' &&
|
|
|
|
request.body
|
|
|
|
) {
|
|
|
|
const envelope = Proto.ProvisionEnvelope.decode(request.body);
|
|
|
|
request.respond(200, 'OK');
|
|
|
|
wsr.close();
|
|
|
|
envelopeCallbacks?.resolve(envelope);
|
|
|
|
} else {
|
|
|
|
window.log.error('Unknown websocket message', request.path);
|
2021-06-09 22:28:54 +00:00
|
|
|
}
|
2021-07-28 21:37:09 +00:00
|
|
|
},
|
|
|
|
});
|
2021-06-09 22:28:54 +00:00
|
|
|
|
2021-07-28 21:37:09 +00:00
|
|
|
window.log.info('provisioning socket open');
|
2021-06-09 22:28:54 +00:00
|
|
|
|
2021-07-28 21:37:09 +00:00
|
|
|
wsr.addEventListener('close', ({ code, reason }) => {
|
|
|
|
window.log.info(
|
|
|
|
`provisioning socket closed. Code: ${code} Reason: ${reason}`
|
|
|
|
);
|
2021-06-09 22:28:54 +00:00
|
|
|
|
2021-07-28 21:37:09 +00:00
|
|
|
// Note: if we have resolved the envelope already - this has no effect
|
|
|
|
envelopeCallbacks?.reject(new Error('websocket closed'));
|
|
|
|
});
|
|
|
|
|
|
|
|
const envelope = await envelopePromise;
|
|
|
|
const provisionMessage = await provisioningCipher.decrypt(envelope);
|
|
|
|
|
|
|
|
await this.queueTask(async () => {
|
|
|
|
const deviceName = await confirmNumber(provisionMessage.number);
|
|
|
|
if (typeof deviceName !== 'string' || deviceName.length === 0) {
|
|
|
|
throw new Error(
|
|
|
|
'AccountManager.registerSecondDevice: Invalid device name'
|
|
|
|
);
|
|
|
|
}
|
|
|
|
if (
|
|
|
|
!provisionMessage.number ||
|
|
|
|
!provisionMessage.provisioningCode ||
|
|
|
|
!provisionMessage.identityKeyPair
|
|
|
|
) {
|
|
|
|
throw new Error(
|
|
|
|
'AccountManager.registerSecondDevice: Provision message was missing key data'
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
await createAccount(
|
|
|
|
provisionMessage.number,
|
|
|
|
provisionMessage.provisioningCode,
|
|
|
|
provisionMessage.identityKeyPair,
|
|
|
|
provisionMessage.profileKey,
|
|
|
|
deviceName,
|
|
|
|
provisionMessage.userAgent,
|
|
|
|
provisionMessage.readReceipts,
|
|
|
|
{ uuid: provisionMessage.uuid }
|
|
|
|
);
|
|
|
|
await clearSessionsAndPreKeys();
|
|
|
|
const keys = await generateKeys();
|
|
|
|
await this.server.registerKeys(keys);
|
|
|
|
await this.confirmKeys(keys);
|
|
|
|
await this.registrationDone();
|
2021-06-09 22:28:54 +00:00
|
|
|
});
|
2020-04-13 17:37:29 +00:00
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async refreshPreKeys() {
|
2021-04-16 23:13:13 +00:00
|
|
|
const generateKeys = this.generateKeys.bind(
|
|
|
|
this,
|
|
|
|
SIGNED_KEY_GEN_BATCH_SIZE
|
|
|
|
);
|
2020-04-13 17:37:29 +00:00
|
|
|
const registerKeys = this.server.registerKeys.bind(this.server);
|
|
|
|
|
|
|
|
return this.queueTask(async () =>
|
|
|
|
this.server.getMyKeys().then(async preKeyCount => {
|
|
|
|
window.log.info(`prekey count ${preKeyCount}`);
|
|
|
|
if (preKeyCount < 10) {
|
|
|
|
return generateKeys().then(registerKeys);
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
})
|
|
|
|
);
|
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async rotateSignedPreKey() {
|
|
|
|
return this.queueTask(async () => {
|
|
|
|
const signedKeyId = window.textsecure.storage.get('signedKeyId', 1);
|
|
|
|
if (typeof signedKeyId !== 'number') {
|
|
|
|
throw new Error('Invalid signedKeyId');
|
|
|
|
}
|
|
|
|
|
|
|
|
const store = window.textsecure.storage.protocol;
|
|
|
|
const { server, cleanSignedPreKeys } = this;
|
|
|
|
|
2020-06-11 20:29:14 +00:00
|
|
|
const existingKeys = await store.loadSignedPreKeys();
|
|
|
|
existingKeys.sort((a, b) => (b.created_at || 0) - (a.created_at || 0));
|
|
|
|
const confirmedKeys = existingKeys.filter(key => key.confirmed);
|
|
|
|
|
|
|
|
if (
|
|
|
|
confirmedKeys.length >= 3 &&
|
2021-03-22 21:08:52 +00:00
|
|
|
isMoreRecentThan(confirmedKeys[0].created_at, PREKEY_ROTATION_AGE)
|
2020-06-11 20:29:14 +00:00
|
|
|
) {
|
|
|
|
window.log.warn(
|
|
|
|
'rotateSignedPreKey: 3+ confirmed keys, most recent is less than a day old. Cancelling rotation.'
|
|
|
|
);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2020-09-24 21:53:21 +00:00
|
|
|
// eslint-disable-next-line consistent-return
|
2020-04-13 17:37:29 +00:00
|
|
|
return store
|
|
|
|
.getIdentityKeyPair()
|
|
|
|
.then(
|
2021-04-16 23:13:13 +00:00
|
|
|
async (identityKey: KeyPairType | undefined) => {
|
|
|
|
if (!identityKey) {
|
|
|
|
throw new Error('rotateSignedPreKey: No identity key pair!');
|
|
|
|
}
|
|
|
|
|
|
|
|
return generateSignedPreKey(identityKey, signedKeyId);
|
|
|
|
},
|
2020-04-13 17:37:29 +00:00
|
|
|
() => {
|
|
|
|
// We swallow any error here, because we don't want to get into
|
|
|
|
// a loop of repeated retries.
|
|
|
|
window.log.error(
|
|
|
|
'Failed to get identity key. Canceling key rotation.'
|
|
|
|
);
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
)
|
2021-04-16 23:13:13 +00:00
|
|
|
.then(async (res: CompatSignedPreKeyType | null) => {
|
2020-04-13 17:37:29 +00:00
|
|
|
if (!res) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
window.log.info('Saving new signed prekey', res.keyId);
|
|
|
|
return Promise.all([
|
|
|
|
window.textsecure.storage.put('signedKeyId', signedKeyId + 1),
|
|
|
|
store.storeSignedPreKey(res.keyId, res.keyPair),
|
|
|
|
server.setSignedPreKey({
|
|
|
|
keyId: res.keyId,
|
|
|
|
publicKey: res.keyPair.pubKey,
|
|
|
|
signature: res.signature,
|
|
|
|
}),
|
|
|
|
])
|
|
|
|
.then(async () => {
|
|
|
|
const confirmed = true;
|
|
|
|
window.log.info('Confirming new signed prekey', res.keyId);
|
|
|
|
return Promise.all([
|
|
|
|
window.textsecure.storage.remove('signedKeyRotationRejected'),
|
|
|
|
store.storeSignedPreKey(res.keyId, res.keyPair, confirmed),
|
|
|
|
]);
|
|
|
|
})
|
|
|
|
.then(cleanSignedPreKeys);
|
|
|
|
})
|
|
|
|
.catch(async (e: Error) => {
|
|
|
|
window.log.error(
|
|
|
|
'rotateSignedPrekey error:',
|
|
|
|
e && e.stack ? e.stack : e
|
|
|
|
);
|
|
|
|
|
|
|
|
if (
|
|
|
|
e instanceof Error &&
|
|
|
|
e.name === 'HTTPError' &&
|
|
|
|
e.code &&
|
|
|
|
e.code >= 400 &&
|
|
|
|
e.code <= 599
|
|
|
|
) {
|
|
|
|
const rejections =
|
|
|
|
1 + window.textsecure.storage.get('signedKeyRotationRejected', 0);
|
|
|
|
await window.textsecure.storage.put(
|
|
|
|
'signedKeyRotationRejected',
|
|
|
|
rejections
|
|
|
|
);
|
|
|
|
window.log.error('Signed key rotation rejected count:', rejections);
|
|
|
|
} else {
|
|
|
|
throw e;
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async queueTask(task: () => Promise<any>) {
|
|
|
|
this.pendingQueue = this.pendingQueue || new PQueue({ concurrency: 1 });
|
2021-07-28 21:37:09 +00:00
|
|
|
const taskWithTimeout = createTaskWithTimeout(task, 'AccountManager task');
|
2020-04-13 17:37:29 +00:00
|
|
|
|
|
|
|
return this.pendingQueue.add(taskWithTimeout);
|
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async cleanSignedPreKeys() {
|
|
|
|
const MINIMUM_KEYS = 3;
|
|
|
|
const store = window.textsecure.storage.protocol;
|
|
|
|
return store.loadSignedPreKeys().then(async allKeys => {
|
2020-06-11 20:29:14 +00:00
|
|
|
allKeys.sort((a, b) => (b.created_at || 0) - (a.created_at || 0));
|
2020-04-13 17:37:29 +00:00
|
|
|
const confirmed = allKeys.filter(key => key.confirmed);
|
|
|
|
const unconfirmed = allKeys.filter(key => !key.confirmed);
|
|
|
|
|
|
|
|
const recent = allKeys[0] ? allKeys[0].keyId : 'none';
|
|
|
|
const recentConfirmed = confirmed[0] ? confirmed[0].keyId : 'none';
|
|
|
|
window.log.info(`Most recent signed key: ${recent}`);
|
|
|
|
window.log.info(`Most recent confirmed signed key: ${recentConfirmed}`);
|
|
|
|
window.log.info(
|
|
|
|
'Total signed key count:',
|
|
|
|
allKeys.length,
|
|
|
|
'-',
|
|
|
|
confirmed.length,
|
|
|
|
'confirmed'
|
|
|
|
);
|
|
|
|
|
|
|
|
let confirmedCount = confirmed.length;
|
|
|
|
|
|
|
|
// Keep MINIMUM_KEYS confirmed keys, then drop if older than a week
|
|
|
|
await Promise.all(
|
|
|
|
confirmed.map(async (key, index) => {
|
|
|
|
if (index < MINIMUM_KEYS) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
const createdAt = key.created_at || 0;
|
|
|
|
|
2021-03-22 21:08:52 +00:00
|
|
|
if (isOlderThan(createdAt, ARCHIVE_AGE)) {
|
2020-04-13 17:37:29 +00:00
|
|
|
window.log.info(
|
|
|
|
'Removing confirmed signed prekey:',
|
|
|
|
key.keyId,
|
|
|
|
'with timestamp:',
|
|
|
|
new Date(createdAt).toJSON()
|
|
|
|
);
|
|
|
|
await store.removeSignedPreKey(key.keyId);
|
|
|
|
confirmedCount -= 1;
|
|
|
|
}
|
|
|
|
})
|
|
|
|
);
|
|
|
|
|
|
|
|
const stillNeeded = MINIMUM_KEYS - confirmedCount;
|
|
|
|
|
|
|
|
// If we still don't have enough total keys, we keep as many unconfirmed
|
|
|
|
// keys as necessary. If not necessary, and over a week old, we drop.
|
|
|
|
await Promise.all(
|
|
|
|
unconfirmed.map(async (key, index) => {
|
|
|
|
if (index < stillNeeded) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
const createdAt = key.created_at || 0;
|
2021-03-22 21:08:52 +00:00
|
|
|
if (isOlderThan(createdAt, ARCHIVE_AGE)) {
|
2020-04-13 17:37:29 +00:00
|
|
|
window.log.info(
|
|
|
|
'Removing unconfirmed signed prekey:',
|
|
|
|
key.keyId,
|
|
|
|
'with timestamp:',
|
|
|
|
new Date(createdAt).toJSON()
|
|
|
|
);
|
|
|
|
await store.removeSignedPreKey(key.keyId);
|
|
|
|
}
|
|
|
|
})
|
|
|
|
);
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
async createAccount(
|
|
|
|
number: string,
|
|
|
|
verificationCode: string,
|
|
|
|
identityKeyPair: KeyPairType,
|
|
|
|
profileKey: ArrayBuffer | undefined,
|
|
|
|
deviceName: string | null,
|
|
|
|
userAgent?: string | null,
|
|
|
|
readReceipts?: boolean | null,
|
|
|
|
options: { accessKey?: ArrayBuffer; uuid?: string } = {}
|
|
|
|
): Promise<void> {
|
2021-01-11 21:59:46 +00:00
|
|
|
const { accessKey, uuid } = options;
|
2021-04-16 23:13:13 +00:00
|
|
|
let password = btoa(utils.getString(getRandomBytes(16)));
|
2020-04-13 17:37:29 +00:00
|
|
|
password = password.substring(0, password.length - 2);
|
2021-04-16 23:13:13 +00:00
|
|
|
const registrationId = generateRegistrationId();
|
2020-04-13 17:37:29 +00:00
|
|
|
|
|
|
|
const previousNumber = getIdentifier(
|
|
|
|
window.textsecure.storage.get('number_id')
|
|
|
|
);
|
|
|
|
const previousUuid = getIdentifier(
|
|
|
|
window.textsecure.storage.get('uuid_id')
|
|
|
|
);
|
|
|
|
|
|
|
|
let encryptedDeviceName;
|
|
|
|
if (deviceName) {
|
|
|
|
encryptedDeviceName = await this.encryptDeviceName(
|
|
|
|
deviceName,
|
|
|
|
identityKeyPair
|
|
|
|
);
|
|
|
|
await this.deviceNameIsEncrypted();
|
|
|
|
}
|
|
|
|
|
|
|
|
window.log.info(
|
|
|
|
`createAccount: Number is ${number}, password has length: ${
|
|
|
|
password ? password.length : 'none'
|
|
|
|
}`
|
|
|
|
);
|
|
|
|
|
|
|
|
const response = await this.server.confirmCode(
|
|
|
|
number,
|
|
|
|
verificationCode,
|
|
|
|
password,
|
|
|
|
registrationId,
|
|
|
|
encryptedDeviceName,
|
|
|
|
{ accessKey }
|
|
|
|
);
|
|
|
|
|
2021-01-11 21:59:46 +00:00
|
|
|
const uuidChanged = previousUuid && uuid && previousUuid !== uuid;
|
2020-04-13 17:37:29 +00:00
|
|
|
|
2021-06-08 18:54:20 +00:00
|
|
|
// We only consider the number changed if we didn't have a UUID before
|
|
|
|
const numberChanged =
|
|
|
|
!previousUuid && previousNumber && previousNumber !== number;
|
|
|
|
|
|
|
|
if (uuidChanged || numberChanged) {
|
|
|
|
if (uuidChanged) {
|
2020-04-13 17:37:29 +00:00
|
|
|
window.log.warn(
|
2021-06-08 18:54:20 +00:00
|
|
|
'New uuid is different from old uuid; deleting all previous data'
|
2020-04-13 17:37:29 +00:00
|
|
|
);
|
|
|
|
}
|
2021-06-08 18:54:20 +00:00
|
|
|
if (numberChanged) {
|
2020-04-13 17:37:29 +00:00
|
|
|
window.log.warn(
|
2021-06-08 18:54:20 +00:00
|
|
|
'New number is different from old number; deleting all previous data'
|
2020-04-13 17:37:29 +00:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
|
|
|
await window.textsecure.storage.protocol.removeAllData();
|
|
|
|
window.log.info('Successfully deleted previous data');
|
|
|
|
} catch (error) {
|
|
|
|
window.log.error(
|
|
|
|
'Something went wrong deleting data from previous number',
|
|
|
|
error && error.stack ? error.stack : error
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
await Promise.all([
|
|
|
|
window.textsecure.storage.remove('identityKey'),
|
2021-07-23 17:23:50 +00:00
|
|
|
window.textsecure.storage.user.removeCredentials(),
|
2020-04-13 17:37:29 +00:00
|
|
|
window.textsecure.storage.remove('registrationId'),
|
|
|
|
window.textsecure.storage.remove('regionCode'),
|
|
|
|
window.textsecure.storage.remove('userAgent'),
|
|
|
|
window.textsecure.storage.remove('profileKey'),
|
2021-06-15 00:09:37 +00:00
|
|
|
window.textsecure.storage.remove('read-receipt-setting'),
|
2020-04-13 17:37:29 +00:00
|
|
|
]);
|
|
|
|
|
2021-07-23 17:23:50 +00:00
|
|
|
// `setCredentials` needs to be called
|
2020-04-13 17:37:29 +00:00
|
|
|
// before `saveIdentifyWithAttributes` since `saveIdentityWithAttributes`
|
|
|
|
// indirectly calls `ConversationController.getConverationId()` which
|
|
|
|
// initializes the conversation for the given number (our number) which
|
|
|
|
// calls out to the user storage API to get the stored UUID and number
|
|
|
|
// information.
|
2021-07-23 17:23:50 +00:00
|
|
|
await window.textsecure.storage.user.setCredentials({
|
|
|
|
uuid,
|
2020-04-13 17:37:29 +00:00
|
|
|
number,
|
2021-07-23 17:23:50 +00:00
|
|
|
deviceId: response.deviceId ?? 1,
|
|
|
|
deviceName: deviceName ?? undefined,
|
|
|
|
password,
|
|
|
|
});
|
2020-04-13 17:37:29 +00:00
|
|
|
|
2021-01-15 16:57:09 +00:00
|
|
|
// This needs to be done very early, because it changes how things are saved in the
|
|
|
|
// database. Your identity, for example, in the saveIdentityWithAttributes call
|
|
|
|
// below.
|
|
|
|
const conversationId = window.ConversationController.ensureContactIds({
|
|
|
|
e164: number,
|
|
|
|
uuid,
|
|
|
|
highTrust: true,
|
|
|
|
});
|
|
|
|
|
|
|
|
if (!conversationId) {
|
|
|
|
throw new Error('registrationDone: no conversationId!');
|
|
|
|
}
|
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
// update our own identity key, which may have changed
|
|
|
|
// if we're relinking after a reinstall on the master device
|
|
|
|
await window.textsecure.storage.protocol.saveIdentityWithAttributes(
|
2021-01-15 16:57:09 +00:00
|
|
|
uuid || number,
|
2020-04-13 17:37:29 +00:00
|
|
|
{
|
|
|
|
publicKey: identityKeyPair.pubKey,
|
|
|
|
firstUse: true,
|
|
|
|
timestamp: Date.now(),
|
|
|
|
verified: window.textsecure.storage.protocol.VerifiedStatus.VERIFIED,
|
|
|
|
nonblockingApproval: true,
|
|
|
|
}
|
|
|
|
);
|
|
|
|
|
|
|
|
await window.textsecure.storage.put('identityKey', identityKeyPair);
|
|
|
|
await window.textsecure.storage.put('registrationId', registrationId);
|
|
|
|
if (profileKey) {
|
2021-05-05 16:39:16 +00:00
|
|
|
await ourProfileKeyService.set(profileKey);
|
2020-04-13 17:37:29 +00:00
|
|
|
}
|
|
|
|
if (userAgent) {
|
|
|
|
await window.textsecure.storage.put('userAgent', userAgent);
|
|
|
|
}
|
|
|
|
|
|
|
|
await window.textsecure.storage.put(
|
|
|
|
'read-receipt-setting',
|
|
|
|
Boolean(readReceipts)
|
|
|
|
);
|
|
|
|
|
|
|
|
const regionCode = window.libphonenumber.util.getRegionCodeForNumber(
|
|
|
|
number
|
|
|
|
);
|
|
|
|
await window.textsecure.storage.put('regionCode', regionCode);
|
|
|
|
await window.textsecure.storage.protocol.hydrateCaches();
|
2021-07-28 21:37:09 +00:00
|
|
|
|
|
|
|
// We are finally ready to reconnect
|
|
|
|
window.textsecure.storage.user.emitCredentialsChanged(
|
|
|
|
'AccountManager.createAccount'
|
|
|
|
);
|
2020-04-13 17:37:29 +00:00
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async clearSessionsAndPreKeys() {
|
|
|
|
const store = window.textsecure.storage.protocol;
|
|
|
|
|
|
|
|
window.log.info('clearing all sessions, prekeys, and signed prekeys');
|
|
|
|
await Promise.all([
|
|
|
|
store.clearPreKeyStore(),
|
|
|
|
store.clearSignedPreKeysStore(),
|
|
|
|
store.clearSessionStore(),
|
|
|
|
]);
|
|
|
|
}
|
2020-09-09 02:25:05 +00:00
|
|
|
|
|
|
|
async getGroupCredentials(startDay: number, endDay: number) {
|
|
|
|
return this.server.getGroupCredentials(startDay, endDay);
|
|
|
|
}
|
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
// Takes the same object returned by generateKeys
|
|
|
|
async confirmKeys(keys: GeneratedKeysType) {
|
|
|
|
const store = window.textsecure.storage.protocol;
|
|
|
|
const key = keys.signedPreKey;
|
|
|
|
const confirmed = true;
|
|
|
|
|
|
|
|
if (!key) {
|
|
|
|
throw new Error('confirmKeys: signedPreKey is null');
|
|
|
|
}
|
|
|
|
|
|
|
|
window.log.info('confirmKeys: confirming key', key.keyId);
|
|
|
|
await store.storeSignedPreKey(key.keyId, key.keyPair, confirmed);
|
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
async generateKeys(count: number, providedProgressCallback?: Function) {
|
|
|
|
const progressCallback =
|
|
|
|
typeof providedProgressCallback === 'function'
|
|
|
|
? providedProgressCallback
|
|
|
|
: null;
|
|
|
|
const startId = window.textsecure.storage.get('maxPreKeyId', 1);
|
|
|
|
const signedKeyId = window.textsecure.storage.get('signedKeyId', 1);
|
|
|
|
|
|
|
|
if (typeof startId !== 'number') {
|
|
|
|
throw new Error('Invalid maxPreKeyId');
|
|
|
|
}
|
|
|
|
if (typeof signedKeyId !== 'number') {
|
|
|
|
throw new Error('Invalid signedKeyId');
|
|
|
|
}
|
|
|
|
|
|
|
|
const store = window.textsecure.storage.protocol;
|
|
|
|
return store.getIdentityKeyPair().then(async identityKey => {
|
2021-04-16 23:13:13 +00:00
|
|
|
if (!identityKey) {
|
|
|
|
throw new Error('generateKeys: No identity key pair!');
|
|
|
|
}
|
|
|
|
|
2020-04-13 17:37:29 +00:00
|
|
|
const result: any = {
|
|
|
|
preKeys: [],
|
|
|
|
identityKey: identityKey.pubKey,
|
|
|
|
};
|
|
|
|
const promises = [];
|
|
|
|
|
|
|
|
for (let keyId = startId; keyId < startId + count; keyId += 1) {
|
|
|
|
promises.push(
|
2021-04-16 23:13:13 +00:00
|
|
|
Promise.resolve(generatePreKey(keyId)).then(async res => {
|
2020-04-13 17:37:29 +00:00
|
|
|
await store.storePreKey(res.keyId, res.keyPair);
|
|
|
|
result.preKeys.push({
|
|
|
|
keyId: res.keyId,
|
|
|
|
publicKey: res.keyPair.pubKey,
|
|
|
|
});
|
|
|
|
if (progressCallback) {
|
|
|
|
progressCallback();
|
|
|
|
}
|
|
|
|
})
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
promises.push(
|
2021-04-16 23:13:13 +00:00
|
|
|
Promise.resolve(generateSignedPreKey(identityKey, signedKeyId)).then(
|
|
|
|
async res => {
|
|
|
|
await store.storeSignedPreKey(res.keyId, res.keyPair);
|
|
|
|
result.signedPreKey = {
|
|
|
|
keyId: res.keyId,
|
|
|
|
publicKey: res.keyPair.pubKey,
|
|
|
|
signature: res.signature,
|
|
|
|
// server.registerKeys doesn't use keyPair, confirmKeys does
|
|
|
|
keyPair: res.keyPair,
|
|
|
|
};
|
|
|
|
}
|
|
|
|
)
|
2020-04-13 17:37:29 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
promises.push(
|
|
|
|
window.textsecure.storage.put('maxPreKeyId', startId + count)
|
|
|
|
);
|
|
|
|
promises.push(
|
|
|
|
window.textsecure.storage.put('signedKeyId', signedKeyId + 1)
|
|
|
|
);
|
|
|
|
|
|
|
|
return Promise.all(promises).then(async () =>
|
|
|
|
// This is primarily for the signed prekey summary it logs out
|
|
|
|
this.cleanSignedPreKeys().then(() => result as GeneratedKeysType)
|
|
|
|
);
|
|
|
|
});
|
|
|
|
}
|
2020-09-24 21:53:21 +00:00
|
|
|
|
2021-01-15 16:57:09 +00:00
|
|
|
async registrationDone() {
|
2020-04-13 17:37:29 +00:00
|
|
|
window.log.info('registration done');
|
|
|
|
this.dispatchEvent(new Event('registration'));
|
|
|
|
}
|
|
|
|
}
|